| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: cta at hcsin.net (Bernie, CTA) Subject: InfoSec sleuths beware, Microsoft's attorneys may be knocking at your door I see that in a recent article published by eWeek claim legal experts say individuals examining the leaked Windows code could face charges of trade-secret violations and infringement of software patents. http://www.eweek.com/print_article/0,3048,a=119396,00.asp Could Microsoft's attorneys go after sleuths who are, have been disclosing vulnerabilities in Microsoft's software and allege that the individual had discovered the vulnerability because they downloaded the code and examined it? Good tactic to impede pen testing, security research, or disclosure of security threats, which in the past have cast a ominous shadow on MS, is it not? It may be wise for security sleuths to fully document their vulnerability / exploit discovery process, when, how, what, why. I'm sure Microsoft's attorneys will be serving production of documents request upon a select group. Note that under US Federal law, limited discovery to perpetuate testimony regarding any matter can be performed before a lawsuit is actually filed. -- -- **************************************************** Bernie / cta@...in.net Chief Technology Architect / Chief Security Officer Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *******************************************************
Powered by blists - more mailing lists